4. MT7697
WiFi/BLE Soc
SLE97 2.13” e-Paper
Button Array
CP2102N
USB to UART
3V to 3.3V
Step-up
5V to 3.3V
LDO
PN532
NFC
controller
SPI bus
I2C bus
Interrupt
Analog
UART
USB
5V
3.3V
3.3V Special
buttons
Digital
Hardware Diagram
4
6. Linkit 7697
• Arduino Support
• Wrtnode’s module with 4MB Flash
• MTK Official Support Platform
• With Auto-Switch to load Firmware
• Arduino IDE Setup:
https://docs.labs.mediatek.com/resour
ce/linkit7697-
arduino/en/environment-setup/setup-
arduino-ide
6
19. Secure Element
• SLE97 – From Infineon, Software from IKV
• ARM® SecurCore™ SC300™
• Crypto processor
• ISO 7816 interface
• SPI interface
CC EAL5+ high !
19
22. Wallet – Cryptocurrency: BTC
• 對比特幣來說,每一筆交易
完成後,餘額會匯到新的錢
包
錢包需要管理一堆Private Key
➔Private Key 管理問題
Solution: Deterministic Wallet
50 BTC 10 BTC
40 BTC
交易
A
A
B
22
23. HD Wallet – BIP32,39,44 Overview
Root Seed
Mnemonic
Code
HMAC-SHA512
Right 256bit
Master Chain Code
Left 256bit
Private Key m
Child Key m/0
Child ID
Child Chain code
…….
Child Key m/2
Child ID
Child Chain code
Child Key m/1
Child ID
Child Chain code
Grandchildren
Keys
m/0/0~2^32
Grandchildren
Keys
m/1/0~2^32
Grandchildren
Keys
m/2/0~2^32
BIP39
BIP32
BIP44
…….
23
24. Child key derivation
Parent
Private or
Public Key
HMAC-SHA512
Left
256bits
Right
256bitsParent
Chain Code
index
number
Child Private
Key
Child Chain
Code
Key
Data
https://github.com/bitcoin/bips/blob/master/bip-
0032.mediawiki
Hardened
24
25. BIP39 - Mnemonic Code
• 由於Root Seed 不方便人類抄寫,所以透過2048個字的組合定義一
個Coding 方式
• 2048個字➔ 每個字代表11byte
Word List:
Abandon 0x01
Ability 0x02
Able 0x03
About 0x04
.
.
.
https://github.com/bitcoin/bips/blob/master/bip-
0039.mediawiki
Root Seed (128~256bit multiple of 32bit)
…….
11bit 11bit 11bit 11bit …….
Mnemonic Words
First Seed Length/32 bit
of SHA256(Root Seed)
25
26. BIP39 - Mnemonic Code https://github.com/bitcoin/bips/blob/master/bip-
0039.mediawiki
Root Seed Length Checksum Length Total Length Word Length
128 Bits 4 Bits 132 Bits 12 Words
160 Bits 5 Bits 165 Bits 15 Words
192 Bits 6 Bits 198 Bits 18 Words
224 Bits 7 Bits 231 Bits 21 Words
256 Bits 8 Bits 264 Bits 24 Words
Badge預設值
26
27. BIP 44 – Meaningful structure
m / purpose' / coin_type' / account' / change / address_index
• Purpose ➔ 固定 44’
• Coin type
• Bitcoin ➔ 0’
• Eth ➔ 60’
• Account
• Change
• 0 for External chain ➔收款/付款用
• 1 for internal chain ➔ 內部處裡用
• Address index
• Badge預設: m/44’/60’/0’/0/0
Tool:https://coinomi.com/recovery-phrase-tool.html
27
28. BIP 44 – Meaningful structure
m / purpose' / coin_type' / account' / change / address_index
• Purpose ➔ 固定 44’
• Coin type
• Bitcoin ➔ 0’
• Eth ➔ 60’
• Account
• Change
• 0 for External chain
• 1 for internal chain
• Address index
• Badge預設: m/44’/60’/0’/0/0
Tool:https://coinomi.com/recovery-phrase-tool.html
Hardened key
28
29. 乙太幣交易
• To Who
• 交易對方的Address
• 20byte
• How much
• 金額 單位為wei
• Uint256_t
• Gas Price
• 手續費 單位為wei
• Uint256_t
• Gas Limit
• 運算數量
• Uint256_t
• Nonce
• 交易筆數
• Data
RLP encoder
keccak256
Secp256k1
橢圓曲線
Transaction Data Transaction Hash
Transaction Signature
Recursive Length Prefix
Encoder for variable
length binary data
29
30. 乙太幣交易
• To Who
• 交易對方的Address
• 20byte
• How much
• 金額 單位為wei
• Uint256_t
• Gas Price
• 手續費 單位為wei
• Uint256_t
• Gas Limit
• 運算數量
• Uint256_t
• Nonce
• 交易筆數
• Data
• Transaction Signature
RLP encoder
Broadcast
Transaction data
https://steemit.com/ethereum/@n-ur/behind-the-scene-on-
how-myetherwallet-works-simple-illustration
30
31. Smart Contract : Program on ETH
• Smart Contract: 類似一種部屬在乙太幣網路的一段程式碼
• 藉由交易來傳遞/運算資料
• 一旦交易的對象是Smart Contract,Data會傳遞到對應的程式執行
31
33. • Contract Address
• How much meaning less
• Gas Price
• Gas Limit
• Nonce
• Data
怎麼交易ERC20?
• 對於錢包來說,ERC20只是帶有Data的交易
• 能夠塞Data就代表能支援ERC20,只是不一定有辦法顯示相對應
的交易資料
• To Who
• How much
• Gas Price
• Gas Limit
• Nonce
• Data • Contract Method
• Contract Data 33
34. ERC20 Data format
• Contract Method – 4 Byte ➔ Hashed Application Binary Interface
• Contract Data – Depend on function
• EX:
transfer(address _to, uint256 _value)
4 Byte 32 Byte 32 Byte Data
34Detail: https://github.com/ethereum/wiki/wiki/Ethereum-Contract-ABI
35. ERC20 Data format
• Example: 要轉 1 個 Hitcon Token給我的話
• transfer(0x4bf5193805a4fd033b84b5bb700bf2a2aaae6a7d, 0xDE0B6B3A7640000)
• “transfer(address,uint256)” ➔SHA3➔
a9059cbb2ab09eb219583f4a59a5d0623ade346d962bcd4e46b11da047c9049b
• Address ➔ Append to 32Bytes
0x0000000000000000000000004bf5193805a4fd033b84b5bb700bf2a2aaae6a7d
• Value ➔ Append to 32Bytes
0x000000000000000000000000000000000000000000000000de0b6b3a7640000
➔Data:0xa9059cbb0000000000000000000000004bf5193805a4fd033b84b5bb700bf
2a2aaae6a7d0000000000000000000000000000000000000000000000000de0b6b3a
7640000
35
41. Secure Element - State
Init
No Host Disconnect Normal
Perso
Perso?
Bind Reg
BackToNoHost
-with pin code
Bind Login
BackToInit – with Vender Key
Bind Logout
InitDevInfo
41
42. Host Registration
Host SE
BindRegInit (UUID, Description, HASH)
Handle, (OTP)
Get UUID of the Host
BindRegChlng (Handle)
Challenge
Calculate devKey from UUID & OTP
Calculate Response of Challenge by devKey
BindRegFinish (Handle, Response)
HostId, Confirm Status
Verify Response
Store Host if Passed
42
43. Host Login
Host SE
Get UUID and OTP from storage
BindLoginChlng (HostId)
Challenge
Calculate devKey from UUID & OTP
Calculate Response of Challenge by devKey
Bind Login (HostId, Response)
Status Words, 0x9000 if success
Verify Response
43
44. Device Key (devKey) Derivation
UUID of Host
32 bytes
OTP from SE
6 bytes
SHA256
devKey
32 bytes
44
46. Encrypt Key and MAC Key
• Encryption Key
• Used for Data Encryption after
Login
• Mac Key
• Used for Data HMAC-SHA256
Device Key
32 bytes
“ENC”
3 bytes
SHA256
Encryption Key
32 bytes
“MAC”
3 bytes
SHA256
Mac Key
32 bytes
https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
Login Challenge
16 bytes
Device Key
32 bytes
Login Challenge
16 bytes
46
47. HDW Management
• Secure Element Handles BIP32 Path
• m/BIP44/coin/Account/Change/Address
• Badge預設: m/44'/60'/0'/0/0
• Secure Element Holds up to 5 accounts
• External Address Pointer of each account (update to 2128 addresses)
• Internal Address Pointer of each account (update to 2128 addresses)
47
48. Cmd line Management
• QueryAccountKey: Query Public Key for a specific Account/Key_ID
Usage: QueryAccountKey [account] [key_id]
• CreateAccount: Create a New Account for a specific cointype/account_id
Usage: CreateAccount [cointype] [account_id] [Name]
• QueryAccountInfo: Query a specific Account Info
Usage: QueryAccountInfo [account_id]
• CreateNextAddr: Generate a new key for a Specific Account
Usage: CreateNextAddr [account_id]
• Account ID:0~4
48
49. Cmd line Management
• SEState: Query Secure Element State
• BindReg: Bind Register
• BindLogin: Bind Login
• BindLogout: Bind Logout
• BackToNoHost: Back to NoHost state
• BackToInit: Back to Init State
• InitDevInfo: InitDeviceInfo and confirm
• PINAuth: Auth Pin Code
• InitWallet: Initialize Wallet from Mnemonic Words
• QueryWalletInfo: Query Wallet Info
• QueryAllAccount: Query All Account Info
• QueryAccountKey: Query Public Key for a specific Account/Key_ID
• CreateAccount: Create a New Account for a specific cointype/account_id
• QueryAccountInfo: Query a specific Account Info
• CreateNextAddr: Generate a new key for a Specific Account
• Transaction: Generate a new Raw Transaction
• Misc.
• Voltage: Read Battery Voltage
• ReinitBLE: Re-init BLE
• AddVcard: Adding a Vcard
• ResetHitconTokenDisplay: Reset Hitcon Token counter
49
50. Cmd line Usage
• USB to UART IC: CP2102N
• Driver: Linux & Windows & Mac
https://www.silabs.com/products/development-tools/software/usb-to-
uart-bridge-vcp-drivers
• Mac OSX 10.11 up: Apple Blocked kernel extension.
• https://stackoverflow.com/questions/47109036/cp2102-device-is-not-listed-in-
dev-on-macos-10-13 (Note: Answer 2)
• Setting:115200 8N1
50
54. Badge initialize + re-generate wallet
Enter
No-Host
State
First time
initialize
Bind
Register
Enter Discon.
Back To Init
& Init
Bind Login,
Set Pin Code
and enter
Normal
State
Generate/
Input
Master Key
Initialize
Master Key
Initialize
Account
m/44’/60’/0’
Initialize
address
index 0
Read Public
Key of
address
index 0
User
Request for
re-generate
54
55. Secure Element - State
Init
No Host Disconnect Normal
Perso
Perso?
Bind Reg
BackToNoHost
-with pin code
Bind Login
BackToInit – with Vender Key
Bind Logout
InitDevInfo
55
56. Badge startup wallet
Read Status
Reg Bind Login
Calc ETH
Address
Read Public
Key of
m/44’/60’/0
/0/0
0x06
0x07
other
Init Wallet
Read Version
If bootloader
mode, jump
56
57. Wallet Address BLE AES Key
QR-Code
格式:
Hitcon://pair?v=版本數
&a=錢包Address
&k=AES Key
&s=ServiceUUID
&c=Characteristic前四個Byte[6]
初始化的時候,
Badge會將生成好的Public
Address和BLE Key打包成一
個網址顯示在QR Code上面
BLE 各charastic
UUID前4byte
Example:
hitcon://pair?
v=18&
a=808c2257d778e5f1340d9325116f5a7273b33f5d&
k=09626aa096254e8a8ce871bfd7b8895c&
s=1cbfbb33-ffc7-c966-77f9-311c6ba9e425&
c=26ccce12e2c66a0b72c50cca509dbfc1275074f57e7c5668
BLE Service
UUID
Hitcon Badge 2018 – BLE Initialize + Re-paring
57
58. 為了避免濫發交易訊息,UUID是綁定時隨機產生的
QR Code會寫Characteristic UUID的前4個Byte,後面的UUID與Service相同
QR code的Characteristic順序如下:
Hitcon Badge 2018 – BLE UUIDs
Transaction, Txn, AddERC20, Balance, General Purpose Cmd, General Purpose Data
58
EX:
[init_BLE] LFLASH_Saved_UUID:
ServiceUUID: 8b15cb6c-0dfd-553a-9302-3cdcded12f56
Transaction_UUID: bbf16eb7-0dfd-553a-9302-3cdcded12f56
Txn_UUID: d754e76e-0dfd-553a-9302-3cdcded12f56
AddERC20_UUID: 448821bb-0dfd-553a-9302-3cdcded12f56
Balance_UUID: 19aceb1f-0dfd-553a-9302-3cdcded12f56
General_CMD_UUID: 8a2c0cd1-0dfd-553a-9302-3cdcded12f56
General_Data_UUID: 4ff47ce6-0dfd-553a-9302-3cdcded12f56
60. AES encryption + Encoding
Raw Data
AES encryption
16Byte
Random IV
Encrypted
Data
Encrypted
Data
16Byte
Random IV
Payload
Append to 128 Byte
Encoding Format:
Header1(uint8_t) length1(uint8_t) Data1[len]
Header2(uint8_t) length2(uint8_t) Data2[len]
Header3(uint8_t) length3(uint8_t) Data3[len]
60